APPLE-SA-12-11-2023-1 Safari 17.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-1 Safari 17.2

Safari 17.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214039.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution...

APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-11-30-2023-3 macOS Sonoma 14.1.2

macOS Sonoma 14.1.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214032.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma
Impact: Processing web content may disclose sensitive information. Apple
is...

APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-2 iOS 17.2 and iPadOS 17.2

iOS 17.2 and iPadOS 17.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214035.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-3 iOS 16.7.3 and iPadOS 16.7.3

iOS 16.7.3 and iPadOS 16.7.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214034.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accounts
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation and...

APPLE-SA-12-11-2023-4 macOS Sonoma 14.2

Posted by Apple Product Security via Fulldisclosure on Dec 12

APPLE-SA-12-11-2023-4 macOS Sonoma 14.2

macOS Sonoma 14.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT214036.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Sonoma
Impact: Secure text fields may be displayed via the Accessibility
Keyboard...

SEC Consult SA-20231123 :: Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20231123-0 >
=======================================================================
title: Uninstall Key Caching
product: Fortra Digital Guardian Agent Uninstaller
(Data Loss Prevention)
vulnerable version: Agent: <7.9.4
fixed version: Agent: 7.9.4
CVE number: CVE-2023-6253
impact: High...

SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27

SEC Consult Vulnerability Lab Security Advisory < 20231122-0 >
=======================================================================
title: Multiple Vulnerabilities
product: m-privacy TightGate-Pro
vulnerable version: Rolling Release, servers with the following package
versions are vulnerable:
tightgatevnc < 4.1.2~1
rsbac-policy-tgpro <...

Senec Inverters Home V1, V2, V3 Home & Hybrid Use of Hard-coded Credentials - CVE-2023-39169

Posted by Phos4Me via Fulldisclosure on Nov 27

Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

CVE-2023-46307

Posted by Kevin on Nov 27

running on the remote port specified during setup

[SYSS-2023-019] SmartNode SN200 - Unauthenticated OS Command Injection

Posted by Maurizio Ruchay via Fulldisclosure on Nov 27

Advisory ID: SYSS-2023-019
Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway
Manufacturer: Patton LLC
Affected Version(s): <= 3.21.2-23021
Tested Version(s): 2.21.1-22041, 3.21.2-23021, 3.22.0-23083
Vulnerability Type: OS Command Injection (CWE-78)
Vulnerability Type: Improper Access Control (CWE-284)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2023-07-05
Public Disclosure: 2023-08-28
CVE...

CVE-2023-46307

Posted by Kevin on Nov 27

While conducting a penetration test for a client, they were running an
application called etc-browser which is a public GitHub project with a
Docker container. While fuzzing the web server spun up with etcd-browser
(which can run on any arbitrary port), the application had a Directory
Traversal vulnerability that is simply triggered with the following payload:

GET /../../../../../../../../../../../../etc/passwd

If running in the docker...

Survey on usage of security advisories

Posted by Aurich, Janik on Nov 27

Dear list members,

we are looking for voluntary participants for our survey, which was
developed in the context of a master thesis at the University of
Erlangen-Nuremberg.

The goal of the survey is to determine potential difficulties that may
occur when dealing with security advisories.
The focus of the study lies on the acquisition and maintenance of
security advisories
as well as the decision making based on their content.

Participants...

[CVE-2023-46383, CVE-2023-46384, CVE-2023-46385] Multiple vulnerabilities in Loytec products (2)

Posted by Chizuru Toyama on Nov 27

[+] CVE : CVE-2023-46383, CVE-2023-46384, CVE-2023-46385
[+] Title : Multiple vulnerabilities in Loytec LINX Configurator
[+] Vendor : LOYTEC electronics GmbH
[+] Affected Product(s) : LINX Configurator 7.4.10
[+] Affected Components : LINX Configurator
[+] Discovery Date : 01-Sep-2021
[+] Publication date : 03-Nov-2023
[+]...

[CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389] Multiple vulnerabilities in Loytec products (3)

Posted by Chizuru Toyama on Nov 27

[+] CVE : CVE-2023-46386, CVE-2023-46387, CVE-2023-46388, CVE-2023-46389
[+] Title : Multiple vulnerabilities in Loytec L-INX Automation Servers
[+] Vendor : LOYTEC electronics GmbH
[+] Affected Product(s) : LINX-151, Firmware 7.2.4, LINX-212, firmware 6.2.4
[+] Affected Components : L-INX Automation Servers
[+] Discovery Date :...

Senec Inverters Home V1, V2, V3 Home & Hybrid Cleartext Transmission of Authentication Credentials - CVE-2023-39172

Posted by Phos4Me via Fulldisclosure on Nov 12

Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Senec Inverters Home V1, V2, V3 Home & Hybrid Exposure of the Username to an Unauthorized Actor - CVE-2023-39168

Posted by Phos4Me via Fulldisclosure on Nov 12

Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Senec Inverters Home V1, V2, V3 Home & Hybrid Publicly Accessible Default Credentials- CVE-2023-39170

Posted by Phos4Me via Fulldisclosure on Nov 12

Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Senec Inverters Home V1, V2, V3 Home & Hybrid Publicly Accessible Management Interface “Local GUI”- CVE-2023-39171

Posted by Phos4Me via Fulldisclosure on Nov 12

Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

HNS-2023-03 - HN Security Advisory - Multiple vulnerabilities in Zephyr RTOS

Posted by Marco Ivaldi on Nov 12

Hi all,

Find attached a security advisory that details multiple
vulnerabilities we discovered in the Zephyr real-time operating
system.

* Title: Multiple vulnerabilities in Zephyr RTOS
* OS: Zephyr <= 3.4.0, except for:
* CVE-2023-4265 that affects Zephyr <= 3.3.0
* CVE-2023-4261 that affects Zephyr <= 3.5.0
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2023-11-07
* CVE IDs and severity:
* CVE-2023-3725 -...

[CVE-2023-46380, CVE-2023-46381, CVE-2023-46382] Multiple vulnerabilities in Loytec products

Posted by Chizuru Toyama on Nov 03

[+] CVE : CVE-2023-46380, CVE-2023-46381, CVE-2023-46382
[+] Title : Multiple vulnerabilities in Loytec LWEB-802, L-INX Automation Servers, L-IOB
I/O Controllers, L-VIS Touch Panels
[+] Vendor : LOYTEC electronics GmbH
[+] Affected Product(s) : LINX-212 firmware 6.2.4, LVIS-3ME12-A1 firmware 6.2.2, LIOB-586 firmware 6.2.3
[+] Affected Components :...

LKX-2023-001 VinChin VMWare Backup

Posted by Gregory Boddin via Fulldisclosure on Oct 27

VinChin Backup & Recovery is an all-in-one backup solution for virtual infrastructures supporting VMWare, KVM, Xen
Server, Hyper-V, OpenStack and more. The product also supports AWS, Azure and other cloud providers as backup storage.

VinChin has failed to acknowledge the various requests over a month period, we are thus disclosing the following
vulnerabilities:

CVE-2023-45499 - VinChin VMWare Backup 5.0 to 7.0
During our research we...

[KIS-2023-12] phpFox <= 4.8.13 (redirect) PHP Object Injection Vulnerability

Posted by Egidio Romano on Oct 27

--------------------------------------------------------------
phpFox <= 4.8.13 (redirect) PHP Object Injection Vulnerability
--------------------------------------------------------------

[-] Software Link:

https://www.phpfox.com

[-] Affected Versions:

Version 4.8.13 and prior versions.

[-] Vulnerability Description:

User input passed through the "url" request parameter to the
/core/redirect route is not properly sanitized...

[KIS-2023-11] SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload Vulnerability

Posted by Egidio Romano on Oct 26

-------------------------------------------------------------------------------
SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload
Vulnerability
-------------------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 13.0.1 and prior versions.
Version 12.0.3 and prior versions.

[-] Vulnerability Description:

When handling the...

[KIS-2023-10] SugarCRM <= 13.0.1 (GetControl) Server-Side Template Injection Vulnerability

Posted by Egidio Romano on Oct 26

----------------------------------------------------------------------------
SugarCRM <= 13.0.1 (GetControl) Server-Side Template Injection
Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://www.sugarcrm.com

[-] Affected Versions:

Version 13.0.1 and prior versions.
Version 12.0.3 and prior versions.

[-] Vulnerability Description:

There is a sort of Server-Side Template...

APPLE-SA-10-25-2023-1 iOS 17.1 and iPadOS 17.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-1 iOS 17.1 and iPadOS 17.1

iOS 17.1 and iPadOS 17.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213982.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Contacts
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

APPLE-SA-10-25-2023-8 watchOS 10.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-8 watchOS 10.1

watchOS 10.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213988.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Find My
Available for: Apple Watch Series 4 and later
Impact: An app may be able to read sensitive location information...

APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1

macOS Ventura 13.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213985.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreAnimation
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description:...

APPLE-SA-10-25-2023-7 tvOS 17.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-7 tvOS 17.1

tvOS 17.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213987.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

mDNSResponder
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A device may be passively tracked by its Wi-Fi MAC...

APPLE-SA-10-25-2023-6 macOS Monterey 12.7.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-6 macOS Monterey 12.7.1

macOS Monterey 12.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213983.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreAnimation
Available for: macOS Monterey
Impact: An app may be able to cause a denial-of-service...

APPLE-SA-10-25-2023-9 Safari 17.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-9 Safari 17.1

Safari 17.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213986.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: Processing web content may lead to arbitrary code execution...

APPLE-SA-10-25-2023-4 macOS Sonoma 14.1

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-4 macOS Sonoma 14.1

macOS Sonoma 14.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213984.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

App Support
Available for: macOS Sonoma
Impact: Parsing a file may lead to an unexpected app termination or
arbitrary...

APPLE-SA-10-25-2023-3 iOS 15.8 and iPadOS 15.8

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-3 iOS 15.8 and iPadOS 15.8

iOS 15.8 and iPadOS 15.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213990.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE
(1st generation), iPad...

APPLE-SA-10-25-2023-2 iOS 16.7.2 and iPadOS 16.7.2

Posted by Apple Product Security via Fulldisclosure on Oct 25

APPLE-SA-10-25-2023-2 iOS 16.7.2 and iPadOS 16.7.2

iOS 16.7.2 and iPadOS 16.7.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213981.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreAnimation
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation...

Ringzer0 Bootstrap24 CFP Now Open

Posted by Steve Lord on Oct 25

-o- Ringzer0 BOOTSTRAP24 Austin Call For Papers -o-

## Dates, Deadlines and Venue:

- BOOTSTRAP24 Conference: 24 February 2024
- BOOTLOADER Mixer Evening: 23 February 2024
- CFP Closes 3 November 2023
- Final Selection by 5 November 2023
- Talks and Workshops should be submitted to
https://cfp.ringzer0.training/ringzer0-bootstrap24-austin/cfp

## About Ringzer0 BOOTSTRAP24 Austin

- All new hacker conference heavy on hands-on participation!
- A...

APPLE-SA-10-10-2023-1 iOS 16.7.1 and iPadOS 16.7.1

Posted by Apple Product Security via Fulldisclosure on Oct 16

APPLE-SA-10-10-2023-1 iOS 16.7.1 and iPadOS 16.7.1

iOS 16.7.1 and iPadOS 16.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213972.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd
generation and...

Defense in depth -- the Microsoft way (part 86): shipping rotten software to billions of unsuspecting customers

Posted by Stefan Kanthak on Oct 16

Hi @ll,

the 7 cURL versions after 8.0.1, released March 20, 2023,
<https://curl.se/docs/releases.html>, fix the following 3
vulnerabilities <https://curl.se/docs/vulnerabilities.html>:
CVE-2023-38039 <https://curl.se/docs/CVE-2023-38039.html>
CVE-2023-38545 <https://curl.se/docs/CVE-2023-38545.html>
CVE-2023-38546 <https://curl.se/docs/CVE-2023-38546.html>

Once again (really: for several months), in their VERY...

XNSoft Nconvert 7.136 - Multiple Vulnerabilities

Posted by michele on Oct 16

XNSoft Nconvert 7.136 - Multiple Vulnerabilities

============================================================================
===

Identifiers

-------------------------------------------------

1. CVE-2023-43250

2. CVE-2023-43251

3. CVE-2023-43252

CVSSv3.1 score

-------------------------------------------------

1. CVE-2023-43250: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U...

Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.

Posted by Joshua Rogers on Oct 16

Dear fulldisclosure,

Two and a half years ago an independent audit was performed on The Squid
Caching Proxy, which ultimately resulted in 55 vulnerabilities being
discovered in the project's C++ source code.

Although some of the issues have been fixed, the majority (35) remain
valid. The majority have not been assigned CVEs, and no patches or
workarounds are available. Some of the listed issues concern more than one
bug, which is why 45...

CVE-2023-4911: Local Privilege Escalation in the glibc's ld.so

Posted by Qualys Security Advisory via Fulldisclosure on Oct 05

Qualys Security Advisory

Looney Tunables: Local Privilege Escalation in the glibc's ld.so
(CVE-2023-4911)

========================================================================
Contents
========================================================================

Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...

APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3

Posted by Apple Product Security via Fulldisclosure on Oct 05

APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3

iOS 17.0.3 and iPadOS 17.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213961.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

SEC Consult SA-20231005 :: Open Redirect in SAP® BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 05

SEC Consult Vulnerability Lab Security Advisory < 20231005-0 >
=======================================================================
title: Open Redirect in BSP Test Application it00
(Bypass for CVE-2020-6215 Patch)
product: SAP® Application Server ABAP and ABAP®
Platform (SAP_BASIS)
vulnerable version: see section "Vulnerable / tested versions"...

APPLE-SA-09-26-2023-2 macOS Sonoma 14

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-2 macOS Sonoma 14

macOS Sonoma 14 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213940.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: Mac Studio (2022 and later), iMac (2019 and later), Mac
Pro (2019 and later), Mac mini (2018 and...

APPLE-SA-09-26-2023-1 Safari 17

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-1 Safari 17

Safari 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213941.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Safari
Available for: macOS Monterey and macOS Ventura
Impact: Visiting a website that frames malicious content may lead to UI...

APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-3 Additional information for APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

iOS 16.7 and iPadOS 16.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213927.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

App Store
Available for: iPhone 8 and later, iPad Pro...

APPLE-SA-09-26-2023-5 Additional information for APPLE-SA-2023-09-21-7 macOS Monterey 12.7

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-5 Additional information for APPLE-SA-2023-09-21-7 macOS Monterey 12.7

macOS Monterey 12.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213932.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Monterey
Impact: An app...

APPLE-SA-09-26-2023-4 Additional information for APPLE-SA-2023-09-21-6 macOS Ventura 13.6

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-4 Additional information for APPLE-SA-2023-09-21-6 macOS Ventura 13.6

macOS Ventura 13.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213931.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Apple Neural Engine
Available for: macOS Ventura
Impact: An app may...

APPLE-SA-09-26-2023-6 Xcode 15

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-6 Xcode 15

Xcode 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213939.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Dev Tools
Available for: macOS Ventura 13.5 and later
Impact: An app may be able to gain elevated privileges
Description: This issue was...

APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-7 iOS 17 and iPadOS 17

iOS 17 and iPadOS 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213938.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro 10.5-inch,...

APPLE-SA-09-26-2023-8 watchOS 10

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-8 watchOS 10

watchOS 10 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213937.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

App Store
Available for: Apple Watch Series 4 and later
Impact: A remote attacker may be able to break out of Web Content
sandbox...

SEC Consult SA-20230927-0 :: Multiple Vulnerabilities in SAP® Enable Now Manager

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 02

SEC Consult Vulnerability Lab Security Advisory < 20230927-0 >
=======================================================================
title: Multiple Vulnerabilities
product: SAP® Enable Now Manager
vulnerable version: 10.6.5 (Build 2804) Cloud Edition
fixed version: May 2023 Release
CVE number: N/A (cloud)
impact: high
homepage: https://www.sap.com/about.html...

APPLE-SA-09-26-2023-9 tvOS 17

Posted by Apple Product Security via Fulldisclosure on Oct 02

APPLE-SA-09-26-2023-9 tvOS 17

tvOS 17 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213936.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Airport
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read sensitive location information...

SEC Consult SA-20230925-0 :: Stored Cross-Site Scripting in mb Support broker management solution openVIVA c2

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Oct 02

SEC Consult Vulnerability Lab Security Advisory < 20230925-0 >
=======================================================================
title: Stored Cross-Site Scripting
product: mb Support broker management solution openVIVA c2
vulnerable version: <20220801
fixed version: =>20220801
CVE number: CVE-2022-39172
impact: Medium
homepage: https://mbsupport.de...

[tool] WatchGuard Firebox Web Update Unpacker

Posted by retset on Sep 25

A small utility for extracting file system images from "sysa-dl" update
files.

https://github.com/ret5et/Watchguard_WebUI_Unpacker

APPLE-SA-2023-09-21-4 watchOS 10.0.1

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-4 watchOS 10.0.1

watchOS 10.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213928.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: Apple Watch Series 4 and later
Impact: A local attacker may be able to elevate their privileges. Apple...

APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-2 iOS 17.0.1 and iPadOS 17.0.1

iOS 17.0.1 and iPadOS 17.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213926.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro...

APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-3 iOS 16.7 and iPadOS 16.7

iOS 16.7 and iPadOS 16.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213927.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: iPhone 8 and later, iPad Pro (all models),...

APPLE-SA-2023-09-21-1 Safari 16.6.1

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-1 Safari 16.6.1

Safari 16.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213930.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Big Sur and Monterey
Impact: Processing web content may lead to arbitrary code
execution. Apple is...

APPLE-SA-2023-09-21-5 watchOS 9.6.3

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-5 watchOS 9.6.3

watchOS 9.6.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213929.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Kernel
Available for: Apple Watch Series 4 and later
Impact: A local attacker may be able to elevate their privileges. Apple...

APPLE-SA-2023-09-21-7 macOS Monterey 12.7

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-7 macOS Monterey 12.7

macOS Monterey 12.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213932.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: macOS Monterey
Impact: A local attacker may be able to...

APPLE-SA-2023-09-21-6 macOS Ventura 13.6

Posted by Apple Product Security via Fulldisclosure on Sep 22

APPLE-SA-2023-09-21-6 macOS Ventura 13.6

macOS Ventura 13.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213931.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Additional CVE entries coming soon.

Kernel
Available for: macOS Ventura
Impact: A local attacker may be able to...